author | Kevin Morssink <contact@kevinmorssink.nl> | 2015-08-04 19:05:46 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-08-07 12:24:22 +0200 |
commit | 36bd3413be0807fe358d87856b3a2f42047764fd (patch) | |
tree | 189aabec8c693b3a0bd78c3c5c886196886685b2 /system/helpers/string_helper.php | |
parent | 4e5ff1f7f8c1897526e9362fdcf7b574c1b3cdf9 (diff) |
Fix ReDoS-bug in string_helper.php
Fix for ReDoS (Regular Expression Denial of Service) / Code Injection
Risk
Diffstat (limited to 'system/helpers/string_helper.php')
-rw-r--r-- | system/helpers/string_helper.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/helpers/string_helper.php b/system/helpers/string_helper.php
index 5860e15fb..28e6ab15f 100644
--- a/system/helpers/string_helper.php
+++ b/system/helpers/string_helper.php
@@ -253,7 +253,7 @@ if ( ! function_exists('increment_string'))
 */
 function increment_string($str, $separator = '_', $first = 1)
 {
- preg_match('/(.+)'.$separator.'([0-9]+)$/', $str, $match);
+ preg_match('/(.+)' . preg_quote($separator) . '([0-9]+)$/', $str, $match);
 return isset($match[2]) ? $match[1].$separator.($match[2] + 1) : $str.$separator.$first;
 }
 } |
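Review bot: The added `preg_quote($separator)` call omits the delimiter argument, so a `/` inside `$separator` is still left unescaped and closes the `/…/` pattern early. `preg_quote()` only escapes the pattern delimiter when it is passed as the second parameter, so the line should read `preg_match('/(.+)'.preg_quote($separator, '/').'([0-9]+)$/', $str, $match);`. With the current code such a separator presumably makes `preg_match()` fail with a compile warning, and because its return value is not checked, the function silently falls through to the `$str.$separator.$first` branch. As a style point, the new line puts spaces around `.` while the `return` line below concatenates without them. The docblock for `increment_string` starts outside the hunk, so whether it documents the allowed contents of `$separator` cannot be confirmed from here.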